We can see preg_match being used to filter out the characters ';' and '&', so we won't be able to terminate the command like we did in the previous writeup. However, our input still ends up inside the grep command. What if we gave grep a wildcard pattern and named the password file of the natas11 user as the file to search?

We can do so with the following input:

.* /etc/natas_webpass/natas11 #

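This input gives grep the pattern .*, which matches any character and therefore every line, names the natas11 password file as the file to search, and uses # to comment out the reference to dictionary.txt. Let's see what happens: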

Awesome. Our command completed successfully, and the contents of the password file appear at the bottom (in addition to the contents of what appears to be the .htaccess file for natas10). We can use this password to log in to the next level. More writeups to come.
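Why the ';' and '&' filter does not stop this input, and what quoting changes, shown as an added example that is not part of the original writeup or the level's source. Python's shlex stands in for the shell's word splitting; the `grep <input> dictionary.txt` command shape and all function names are assumptions.

```python
import re
import shlex

DENYLIST = re.compile(r"[;&]")               # the two characters the writeup says are filtered
DICTIONARY = "dictionary.txt"
PAYLOAD = ".* /etc/natas_webpass/natas11 #"  # the input shown in the writeup


def denylist_allows(needle):
    """True when the input contains neither ';' nor '&'."""
    return DENYLIST.search(needle) is None


def shell_words(command):
    """Approximate how a POSIX shell splits a command line into arguments.

    shlex models word splitting, quoting and '#' comments only. It does not
    perform glob expansion, which a real shell also applies to unquoted input.
    """
    return shlex.split(command, comments=True)


def vulnerable_command(needle):
    # Assumed shape: user input pasted unquoted into the command string.
    return f"grep {needle} {DICTIONARY}"


def hardened_command(needle):
    # Quote the input so it stays a single word, pass it with -e so it is
    # always treated as the pattern, and end option parsing with -- before
    # the fixed file name.
    return f"grep -e {shlex.quote(needle)} -- {DICTIONARY}"


if __name__ == "__main__":
    print("denylist allows payload:", denylist_allows(PAYLOAD))
    print("vulnerable argv:", shell_words(vulnerable_command(PAYLOAD)))
    print("hardened argv:  ", shell_words(hardened_command(PAYLOAD)))
```

In the vulnerable form the input becomes two separate arguments and dictionary.txt disappears behind the comment; in the hardened form the whole input is one pattern argument and dictionary.txt remains the only file searched. In PHP, escapeshellarg plays the role that shlex.quote plays here.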